AWS
Terraform

[ACM] SSL証明書発行時のドメイン認証メールをSESで受け取ってみた のTerraform


元ネタ:[ACM] SSL証明書発行時のドメイン認証メールをSESで受け取ってみた

意外と設定項目多いしメンドかったので書いとく

  • providerは適当に定義
  • example.comになってるところを適当に良い感じに設定
# Registers example.com as an SES domain identity. Its verification_token
# attribute is what the _amazonses TXT record in this file publishes.
resource "aws_ses_domain_identity" "mail" {
  # Placeholder domain: replace with the domain whose mail SES should receive.
  domain = "example.com"

  # Aliased provider; its definition is not shown on this page.
  # NOTE(review): presumably points at us-west-2, matching the inbound SMTP
  # endpoint used in the MX record of this file. Confirm before applying.
  provider = "aws.oregon"
}

# Publishes the SES domain-verification token as a TXT record so that SES can
# confirm control of example.com.
resource "aws_route53_record" "mail_amazonses_verification_record" {
  # Placeholder: replace with the Route 53 hosted zone ID of example.com.
  zone_id = "zone_id of example.com"
  name    = "_amazonses.example.com"
  type    = "TXT"
  ttl     = "600"
  # Token issued by the aws_ses_domain_identity.mail resource.
  records = ["${aws_ses_domain_identity.mail.verification_token}"]
}

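# Points the MX record of example.com at the SES inbound SMTP endpoint.
# An apex MX record routes ALL inbound mail for the domain to SES. If the
# domain already receives mail elsewhere, applying this replaces that routing,
# so check the existing MX records first.
resource "aws_route53_record" "mail_amazonses_inbound_mx" {
  # Placeholder: replace with the Route 53 hosted zone ID of example.com.
  zone_id = "zone_id of example.com"
  name    = "example.com"
  type    = "MX"
  ttl     = "600"

  # The inbound endpoint differs per region (this example uses Oregon); see:
  # https://docs.aws.amazon.com/ja_jp/ses/latest/DeveloperGuide/regions.html
  records = ["10 inbound-smtp.us-west-2.amazonaws.com"]
}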

# Bucket that SES writes received messages into.
# The messages stored here include ACM domain-validation mails, whose approval
# link lets the reader authorize certificate issuance for the domain. Treat
# read access to this bucket as equivalent to control of that approval.
# NOTE(review): no encryption, public-access-block, versioning or lifecycle
# settings are declared here; confirm that account-level defaults cover them.
resource "aws_s3_bucket" "mailbox" {
  # Placeholder: S3 bucket names are globally unique, so pick your own name.
  bucket = "mailbox"
}

# Attaches the policy document rendered by data.aws_iam_policy_document.mailbox
# to the mailbox bucket. It must exist before SES can deliver into the bucket.
resource "aws_s3_bucket_policy" "mailbox" {
  bucket = "${aws_s3_bucket.mailbox.id}"
  policy = "${data.aws_iam_policy_document.mailbox.json}"
}

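# Account ID of the caller, used to scope the SES service principal below.
data "aws_caller_identity" "current" {}

# Bucket policy that lets SES store received mail in the mailbox bucket.
# The grant is limited to s3:PutObject and to requests that SES makes on behalf
# of this account. Without the condition, the ses.amazonaws.com service
# principal is allowed regardless of which account's receipt rule triggered the
# write (the "confused deputy" case).
data "aws_iam_policy_document" "mailbox" {
  statement {
    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["ses.amazonaws.com"]
    }

    actions = [
      "s3:PutObject",
    ]

    resources = ["${aws_s3_bucket.mailbox.arn}/*"]

    # Only accept writes that originate from receipt rules in this account.
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = ["${data.aws_caller_identity.current.account_id}"]
    }
  }
}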

# Marks the "primary-rules" rule set as the active receipt rule set.
# SES keeps a single active receipt rule set per region, so applying this
# switches away from whichever set was active before. Check for an existing
# active set in the target region first.
resource "aws_ses_active_receipt_rule_set" "mail" {
  rule_set_name = "${aws_ses_receipt_rule_set.mail.rule_set_name}"

  # Same aliased provider as the other SES resources in this file.
  provider = "aws.oregon"
}

# Creates the receipt rule set that holds the "store-s3" rule and is activated
# by aws_ses_active_receipt_rule_set.mail.
resource "aws_ses_receipt_rule_set" "mail" {
  rule_set_name = "primary-rules"

  # Same aliased provider as the other SES resources in this file.
  provider = "aws.oregon"
}

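# Receipt rule that stores every message addressed to example.com in the
# mailbox bucket.
resource "aws_ses_receipt_rule" "store" {
  name          = "store-s3"
  rule_set_name = "${aws_ses_receipt_rule_set.mail.rule_set_name}"

  # A bare domain matches every address at that domain.
  # NOTE(review): if only the ACM validation mailboxes are needed, listing
  # those addresses explicitly would narrow what gets stored.
  recipients = ["example.com"]
  enabled    = true

  # Turns on SES spam/virus scanning for incoming mail. This rule has no
  # action that rejects flagged messages, so they are still stored.
  scan_enabled = true

  # NOTE(review): tls_policy is not set, so the provider default applies.
  # Confirm whether inbound TLS should be required.

  s3_action {
    bucket_name = "${aws_s3_bucket.mailbox.id}"
    position    = 1
  }

  # SES checks that it can write to the bucket when the rule is created. The
  # rule only references the bucket, not its policy, so without this explicit
  # dependency Terraform may create the rule before the policy exists and the
  # apply fails.
  depends_on = ["aws_s3_bucket_policy.mailbox"]

  provider = "aws.oregon"
}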